summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
* Teach the static analyzer that NSLog() and friends do not hold on to object ↵Ted Kremenek2012-05-081-0/+6
| | | | | | references (thus extending their lifetime). llvm-svn: 156346
* [analyzer]Fixup r156215: use StopTracking summary instead of ScratchArgsAnna Zaks2012-05-071-4/+2
| | | | | | | As per Jordy's and Ted's comment, use the default StopTracking summary instead of adding all arguments to ScratchArs. llvm-svn: 156310
* [analyzer] RetainCountChecker: Allow objects to escape through callbacksAnna Zaks2012-05-041-8/+20
| | | | | | Fixes radar://10973977. llvm-svn: 156215
* [analyzer] RetainRelease: Self assignment should not suppress a leakAnna Zaks2012-05-021-1/+5
| | | | | | warning. llvm-svn: 155966
* Teach RetainCountchecker about IORegistryEntrySearchCFProperty returning ↵Ted Kremenek2012-05-011-0/+1
| | | | | | retained objects. I know there is an SDK enhancement request for this to have the cf_returns_retained annotation, so this is just a stop gap. llvm-svn: 155887
* Teach RetainCountChecker that it doesn't quite understand ↵Ted Kremenek2012-04-261-3/+3
| | | | | | pthread_setspecific and it should just give up when it sees it. Fixes <rdar://problem/11282706>. llvm-svn: 155613
* Require that all static analyzer issues have a category. As part of this ↵Ted Kremenek2012-04-051-1/+1
| | | | | | | | | | change, consolidate some commonly used category strings into global references (more of this can be done, I just did a few). Fixes <rdar://problem/11191537>. llvm-svn: 154121
* [analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.Anna Zaks2012-03-301-0/+7
| | | | | | | | Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback. llvm-svn: 153731
* Change RetainCountChecker to eagerly "escape" retained objects when they areTed Kremenek2012-03-271-0/+6
| | | | | | | | | | | | assigned to a struct. This is fallout from inlining results, which expose far more patterns where people stuff CF objects into structs and pass them around (and we can reason about it). The problem is that we don't have a general way to detect when values have escaped, so as an intermediate step we need to eagerly prune out such tracking. Fixes <rdar://problem/11104566>. llvm-svn: 153489
* [analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able ↵Jordy Rose2012-03-241-1/+10
| | | | | | to reset diagnostic generation. llvm-svn: 153368
* Avoid applying retain/release effects twice in RetainCountChecker when a ↵Ted Kremenek2012-03-231-0/+3
| | | | | | function call was inlined (i.e., we do not need to apply summaries in such cases). llvm-svn: 153309
* "Teach" RetainCountChecker about dispatch_set_context, which can indirectly ↵Ted Kremenek2012-03-221-0/+8
| | | | | | free its argument later. Fixes <rdar://problem/11059275>. llvm-svn: 153244
* [analyser] Factor out FindUniqueBinding from RetainCount checker.Anna Zaks2012-03-211-33/+1
| | | | | | So that others could use it as well. No functionality change. llvm-svn: 153211
* [analyzer] Use a FoldingSet to cache simple RetainSummary instances, rather ↵Jordy Rose2012-03-181-40/+58
| | | | | | | | | | than explicitly keeping DoNothing and StopTracking summaries and nothing else. I tried to test the effects of this change on memory usage and run time, but what I saw on retain-release.m was indistinguishable from noise (debug and release builds). Even so, some caveman profiling showed 101 cache hits that we would have generated new summaries for before (i.e. not default or stop summaries), and the more code we analyze, the more memory we should save. Maybe we should have a standard project for benchmarking the retain count checker's memory and time? llvm-svn: 153007
* [analyzer] Unify retain-count summary generation for class and instance ↵Jordy Rose2012-03-171-53/+26
| | | | | | methods. No functionality change. llvm-svn: 153001
* [analyzer] Remove duplicate work on deriving method behavior. No ↵Jordy Rose2012-03-171-83/+74
| | | | | | | | | | functionality change. The cocoa::deriveNamingConventions helper is just using method families anyway now, and the way RetainSummaryTemplate works means we're allocating an extra summary for every method with a relevant family. Also, fix RetainSummaryTemplate to do the right thing w/r/t annotating an /existing/ summary. This was probably the real cause of <rdar://problem/10824732> and the fix in r152448. llvm-svn: 152998
* [analyzer] Don't claim an object was returned with +1 retain count before ↵Jordy Rose2012-03-171-4/+8
| | | | | | | | counting autoreleases. Fixes PR10376. (Also, 80-column violations.) llvm-svn: 152976
* Unify naming of LangOptions variable/get function across the Clang stack ↵David Blaikie2012-03-111-7/+7
| | | | | | | | | | (Lex to AST). The member variable is always "LangOpts" and the member function is always "getLangOpts". Reviewed by Chris Lattner llvm-svn: 152536
* Teach RetainCountChecker about mixing method families with explicit ↵Ted Kremenek2012-03-091-0/+30
| | | | | | annotations. Fixes <rdar://problem/10824732>. llvm-svn: 152448
* [analyzer] Implement basic path diagnostic pruning based on "interesting" ↵Ted Kremenek2012-03-091-4/+2
| | | | | | | | | | | | | | | | | symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions. The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors. This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case. llvm-svn: 152361
* Add static analyzer support for new NSArray/NSDictionary/NSNumber literals.Ted Kremenek2012-03-061-31/+89
| | | | llvm-svn: 152139
* [analyzer] Leaks should be uniqued by the allocation point in theAnna Zaks2012-02-281-4/+16
| | | | | | closest function context (RetainCountChecker). llvm-svn: 151661
* [analyzer] Retain release: drop the line number info from the leakAnna Zaks2012-02-281-3/+2
| | | | | | message. llvm-svn: 151657
* RetainCountChecker: don't adjust the retain count when analyzing a ↵Ted Kremenek2012-02-251-0/+15
| | | | | | ReturnStmt unless we are in the top-level call frame. We can do more later, but this makes the checker self-consistent (and fixes a crash). llvm-svn: 151426
* Teach analyzer about NSAutoreleasePool -allocWithZone:. Fixes ↵Ted Kremenek2012-02-181-3/+5
| | | | | | <rdar://problem/10640253>. llvm-svn: 150892
* Have conjured symbols depend on LocationContext, to add context sensitivity ↵Ted Kremenek2012-02-171-2/+2
| | | | | | for functions called more than once. llvm-svn: 150849
* [analyzer] Make Malloc Checker optimistic in presence of inlining.Anna Zaks2012-02-141-2/+4
| | | | | | | | | | | | (In response of Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. llvm-svn: 150513
* Print NamedDecls directly to a raw_ostream where possible.Benjamin Kramer2012-02-071-1/+1
| | | | llvm-svn: 149982
* Add basic BugReporter support for CallEnter/CallExit. WIP.Ted Kremenek2012-02-071-0/+7
| | | | llvm-svn: 149939
* Basic: import SmallString<> into clang namespaceDylan Noblesmith2012-02-051-2/+2
| | | | | | | (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
* Basic: import OwningPtr<> into clang namespaceDylan Noblesmith2012-02-051-7/+7
| | | | llvm-svn: 149798
* Move a method from IdentifierTable.h out of line and remove the SmallString ↵Benjamin Kramer2012-02-041-0/+1
| | | | | | | | include. Fix all the transitive include users. llvm-svn: 149783
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-261-51/+51
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* Remove unreachable code in Clang. (replace with llvm_unreachable where ↵David Blaikie2012-01-171-6/+1
| | | | | | appropriate or when GCC requires it) llvm-svn: 148292
* Remove unnecessary default cases in switches over enums.David Blaikie2012-01-171-1/+0
| | | | | | This allows -Wswitch-enum to find switches that need updating when these enums are modified. llvm-svn: 148281
* [analyzer] Make the entries in 'Environment' context-sensitive by making ↵Ted Kremenek2012-01-061-17/+24
| | | | | | | | | | | | | | | | | | entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). llvm-svn: 147688
* Minor code formatting cleanups.Ted Kremenek2012-01-041-17/+17
| | | | llvm-svn: 147505
* Fix typos in analyzer diagnostics pointed out by Matt Beaumont-Gay and ↵Ted Kremenek2011-12-221-2/+2
| | | | | | Robert Purves. llvm-svn: 147139
* [analyzer] Change RetainCountChecker to use symbol dump method insteadAnna Zaks2011-12-051-2/+3
| | | | | | | | of relying on SymbolID. This way any expression can be printed (not only SymbolData). llvm-svn: 145829
* [analyzer] Refactor checkers to use helper function for getting callee Decl ↵Anna Zaks2011-12-011-5/+2
| | | | | | | | and name. We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. llvm-svn: 145576
* [static analyzer] Tweak RetainCountChecker's diagnostics to correctly ↵Ted Kremenek2011-11-141-4/+20
| | | | | | | | indicate if a message was due to a property access. This can potentially be refactored for other clients, and this is a regression from the refactoring of property acceses. llvm-svn: 144571
* [analyzer] CheckerContext::getPredecessor() cleanupAnna Zaks2011-11-011-2/+1
| | | | | | Remove unnecessary calls to CheckerContext::getPredecessor() + Comments. llvm-svn: 143513
* [analyzer] Add getLocationContext to CheckerContextAnna Zaks2011-10-261-2/+2
| | | | | | | CheckerContext::getPredecessor is only used to get to the LocationContext half of the times. llvm-svn: 143061
* [analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks2011-10-261-10/+10
| | | | | | Also document addTransition methods. llvm-svn: 143059
* [analyzer] Remove getEngine() form CheckerContextAnna Zaks2011-10-251-27/+24
| | | | | | | | A step toward making sure that diagnostics report should only be generated though the CheckerContext and not though BugReporter or ExprEngine directly. llvm-svn: 142947
* [analyzer] Simplify CheckerContextAnna Zaks2011-10-251-4/+4
| | | | | | | | | Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition. Remove addTransition method since it's the same as generateNode. Maybe we should rename generateNode to genTransition (since a transition is always automatically generated)? llvm-svn: 142946
* [analyze] Convert EndOfPath callback to use CheckerContextAnna Zaks2011-10-251-20/+9
| | | | | | | | Get rid of the EndOfPathBuilder completely. Use the generic NodeBuilder to generate nodes. Enqueue the end of path frontier explicitly. llvm-svn: 142943
* [analyzer] Remove dead code.Anna Zaks2011-10-181-1/+0
| | | | | | ExprEngineBuilders is not used. llvm-svn: 142450
* [analyzer] Node Builder refactoring: Introduce a simple Node Builder ↵Anna Zaks2011-10-181-7/+11
| | | | | | | | | | | | | | | | | responsible for generating the node frontier. Currently we have a bunch of different node builders which provide some common functionality but are difficult to refactor. Each builder generates nodes of different kinds and calculates the frontier nodes, which should be propagated to the next step (after the builder dies). Introduce a new NodeBuilder which provides very basic node generation facilities but takes care of the second problem. The idea is that all the other builders will eventually use it. Use this builder in CheckerContext instead of StmtNodeBuilder (the way the frontier is propagated to the StmtBuilder is a hack and will be removed later on). llvm-svn: 142443
* Change operator<< for raw_ostream and NamedDecl to take a reference instead ↵Benjamin Kramer2011-10-141-3/+3
| | | | | | | | of a pointer. Passing a pointer was a bad idea as it collides with the overload for void*. llvm-svn: 141971
OpenPOWER on IntegriCloud